﻿using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace Apewer.Network
{

    /// <summary></summary>
    public static class SslUtility
    {

        /// <summary>证书验证回调。</summary>
        private static RemoteCertificateValidationCallback ValidationCallback
        {
            get { return ServicePointManager.ServerCertificateValidationCallback; }
            set { ServicePointManager.ServerCertificateValidationCallback = value; }
        }

        /// <summary>证书验证。忽略所有错误。</summary>
        public static bool ApproveAll(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
        {
            return true;
        }

        /// <summary>证书验证。</summary>
        public static X509Certificate ApproveFirst(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
        {
            if (localCertificates != null)
            {
                for (var i = 0; i < localCertificates.Count; i++)
                {
                    var certificate = localCertificates[i];
                    if (certificate != null) return certificate;
                }
            }
            return null;
        }

        /// <summary>证书验证。要求必须有正确的证书。</summary>
        public static bool ApproveRight(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
        {
            return (errors == SslPolicyErrors.None) ? true : false;
        }

        /// <summary>设置可通用的证书验证回调。</summary>
        /// <param name="all">批准所有验证，指定为 FALSE 时将要求系统验证。</param>
        public static void ApproveValidation(bool all = true)
        {
            if (all) ValidationCallback = new RemoteCertificateValidationCallback(ApproveAll);
            else ValidationCallback = new RemoteCertificateValidationCallback(ApproveRight);
        }

    }

}
